Attackers Abusing Various Remote Control Tools - ASEC BLOG
Common Information
Type Value
UUID 905d579f-32dc-462e-9528-13c1de5ba3eb
Fingerprint a53cad0c88fb8e84
Analysis status DONE
Considered CTI value 1
Text language
Published Oct. 21, 2022, 11:30 a.m.
Added to db Oct. 24, 2023, 1:36 p.m.
Last updated Sept. 5, 2024, 12:53 a.m.
Headline Attackers Abusing Various Remote Control Tools
Title Attackers Abusing Various Remote Control Tools - ASEC BLOG
Detected Hints/Tags/Attributes 96/3/20
Source URLs
Attributes